Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
jochemke
New Contributor

Wireguard behind fortigate

Hey all,

 

I have a little issue with getting the DNS working correctly when a user connects through Wireguard VPN. At our local site we have a Wireguard server running behind our Fortigate firewall. Our lan is using 192.168.0.0/22 and the wireguard lan is 192.168.100.0/24. 

To get it up and running I have setup a virtual ip from our public ip to the ip of the wireguard server on our lan with port forwarding for the listen port. For access to the lan I have created a static route from 192.168.0.0 to 192.168.100.0 using the wireguard server ip as gateway. I have also created a policy so the traffic is handled correctly. 

 

The tunnel is working and a user can connect to the wireguard server and ping our lan devices. However DNS is not working. In the wireguard client I have setup DNS to 192.168.0.100 and 192.168.0.101 but that doesn't seem to be working. Does anyone know how I can get DNS to work properly in this situation? Is there anything else I have to configure on the Fortigate? 

 

 

1 REPLY 1
seshuganesh
Staff
Staff

Hi Team,

 

If you are able to access servers through ping, you will be able to access through DNS as well.

Please execute this command in wireguard client :

nslookup 

See which DNS server it is showing in command prompt

Also, try to install wireshark in client machine and see packets are going to which server.

That should isolate the issue

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors